CVE-2023-41521 - SQL Injection in Student Attendance Management System v1

Description

Student Attendance Management System v1 contains multiple SQL injection vulnerabilities in the file. The parameters , , and are not properly sanitized before being used in SQL queries, allowing remote attackers to manipulate the application's database.

Vulnerability Type

SQL Injection

Affected Product

Product Name: Student Attendance Management System
Version: v1
Component: createSessionTerm.php
Vendor:
GitHub Repository: https://github.com/rickxy/Student-Attendance-Management-System

Attack Details

Attack Type: Remote
Attack Vectors: Manipulation of , , and parameters
Impact:
- Code Execution (via SQL manipulation)
- Information Disclosure

References

https://github.com/rickxy/Student-Attendance-Management-System

Discoverer

Chaima EL BAHRAOUI
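
Mitigation sketch for the class of flaw described above, as an added example that is not code from the repository or from the discoverer: a session-term insert handler that validates its inputs and binds them through placeholders instead of building the SQL string from request data. The function name, the table and column names, the field names `session_name` and `term_id`, and the in-memory SQLite database standing in for the application's database are all assumptions.

```php
<?php
// Added example, not code from the repository. createSessionTerm(), the
// session_term table and the session_name / term_id fields are hypothetical.
declare(strict_types=1);

function createSessionTerm(PDO $db, array $post): int
{
    // Validate shape before touching the database.
    $name = trim((string)($post['session_name'] ?? ''));
    if ($name === '' || strlen($name) > 50) {
        throw new InvalidArgumentException('session_name must be 1-50 characters');
    }
    $termId = filter_var($post['term_id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($termId === false) {
        throw new InvalidArgumentException('term_id must be a positive integer');
    }
    // Placeholders keep request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO session_term (session_name, term_id, is_active)
         VALUES (:name, :term, 0)'
    );
    $stmt->execute([':name' => $name, ':term' => $termId]);
    return (int)$db->lastInsertId();
}

// Constructed demo database (assumption: SQLite in memory, for offline use).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE session_term (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    session_name TEXT NOT NULL, term_id INTEGER NOT NULL, is_active INTEGER NOT NULL)');

// Constructed inputs: ordinary, SQL metacharacters in a string, malformed id.
$samples = [
    ['session_name' => '2023/2024', 'term_id' => '1'],
    ['session_name' => "2023/2024' OR '1'='1", 'term_id' => '2'],
    ['session_name' => '2024/2025', 'term_id' => '1 OR 1=1'],
];
foreach ($samples as $post) {
    try {
        echo 'inserted row ' . createSessionTerm($db, $post) . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
// Accepted strings are stored as data; the query structure never changes.
foreach ($db->query('SELECT id, session_name, term_id FROM session_term') as $row) {
    printf("%d | %s | %d\n", $row['id'], $row['session_name'], $row['term_id']);
}
```

The same pattern applies with mysqli prepared statements; the point is that every request parameter reaches the database as a bound value, never as part of the query text.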